2020-05-17T01:12:00 -heroes-bot- PROBLEM: NRPE on olaf.infra.opensuse.org - CHECK_NRPE: Error - Could not connect to 192.168.47.17: Connection reset by peer ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=olaf.infra.opensuse.org&service=NRPE 2020-05-17T01:21:59 -heroes-bot- RECOVERY: NRPE on olaf.infra.opensuse.org - NRPE v3.2.1 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=olaf.infra.opensuse.org&service=NRPE 2020-05-17T02:41:03 *** okurz_ is now known as okurz 2020-05-17T04:05:06 *** strelow[m]10 is now known as strelow[m]12 2020-05-17T04:05:07 *** strelow[m]12 is now known as strelow[m]14 2020-05-17T04:45:26 -heroes-bot- PROBLEM: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS CRITICAL: DB postgres total waiting locks: 4 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks 2020-05-17T04:48:08 -heroes-bot- PROBLEM: PSQL locks on mirrordb2.infra.opensuse.org - POSTGRES_LOCKS CRITICAL: DB postgres total locks: 389 * total waiting locks: 190 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb2.infra.opensuse.org&service=PSQL%20locks 2020-05-17T04:55:26 -heroes-bot- RECOVERY: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS OK: DB postgres total=16 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks 2020-05-17T04:58:07 -heroes-bot- RECOVERY: PSQL locks on mirrordb2.infra.opensuse.org - POSTGRES_LOCKS OK: DB postgres total=1 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb2.infra.opensuse.org&service=PSQL%20locks 2020-05-17T06:30:13 *** strelow[m]14 is now known as strelow[m]16 2020-05-17T06:30:14 *** strelow[m]16 is now known as strelow[m]18 2020-05-17T11:47:59 malcolmlewis: put back the permissions, can you check if I missed any? 2020-05-17T12:38:42 lcp: can you have a look at this message: The directory the sitemap files are to be written into is not writeable. Please change the permissions on the path to be writeable by the web server or enter a different path in the sitemap options. 2020-05-17T12:38:57 it's on top of the control panel 2020-05-17T12:42:47 right, let me check 2020-05-17T12:46:10 knurpht: `drwxrwxr-x 2 wwwrun www 4.0K Aug 20 2019 sitemap` 2020-05-17T12:46:14 this seems fine 2020-05-17T12:51:00 cboltz: I finished some setup on ldap-proxy.i.o.o /openid-ldap and /idp (from ipsilon) - do you want to update ha-proxy on anna/elsa ? 2020-05-17T12:52:44 yes, of course 2020-05-17T12:53:12 Eighth_Doctor: found another small issue that ipsilon uses /srv/www/run/ for wsgi sockets, but nothing created it. Worked after manual mkdir. 2020-05-17T12:53:43 so you need /openid-ldap/ and /idp/ proxied to ldap-proxy.i.o.o, right? 2020-05-17T12:53:52 yes 2020-05-17T12:54:08 bmwiedemann: most mod_wsgi apps expect it to exist, so I'm surprised mod_wsgi doesn't create it 2020-05-17T12:54:17 I'll add a %post or something to create it if it doesn't exist 2020-05-17T12:54:22 I had to do that for pagure as well 2020-05-17T12:54:46 cboltz: will haproxy do https ? 2020-05-17T12:55:19 Eighth_Doctor: I dont use wsgi much (I am the mod_perl type), so dont know 2020-05-17T12:55:55 bmwiedemann: most of my python apps use nginx instead of apache, so this usually isn't a thing either ;) 2020-05-17T12:56:00 it can if you want - but since this is in the internal network, we usually do plain http internally 2020-05-17T12:56:53 internal http is fine. I didnt setup any SSL yet 2020-05-17T12:57:52 was just wondering about external https 2020-05-17T12:58:38 external https is handled by / in haproxy, no need to worry about that 2020-05-17T13:00:32 bmwiedemann: ipsilon has a proxy mode that you will have to enable 2020-05-17T13:00:41 I think we got it somewhere in our config 2020-05-17T13:01:19 but since it's not a public thing atm, you can just look up fedora's ansible config for it 2020-05-17T13:01:44 haproxy config done, happy testing ;-) 2020-05-17T13:01:55 https://pagure.io/fedora-infra/ansible/blob/master/f/roles/ipsilon/templates/ipsilon.conf#_21 2020-05-17T13:03:19 lcp: message is gone now 2020-05-17T13:03:49 yeah, I fixed it 2020-05-17T13:03:55 there was a wrong path set in the config 2020-05-17T13:05:45 bmwiedemann: iirc, mojolicious prefers you use wsgi these days, doesn't it? 2020-05-17T13:08:17 lcp: added proxy config. thanks. 2020-05-17T13:08:42 Eighth_Doctor: dunno. Back when I did openQA, it did plain CGI and not mojolicious 2020-05-17T13:19:43 now it is probably the ldaps failing from untrusted cert 2020-05-17T13:24:08 yeah, when using mod_auth_gssapi we disabled ssl mode in apache 2020-05-17T13:24:16 those things don't work with ssl proxy 2020-05-17T13:37:38 * bmwiedemann is off with the kids 2020-05-17T14:14:14 *** heartless_hayyan is now known as heartles4 2020-05-17T14:14:15 *** heartles4 is now known as heartles6 2020-05-17T14:15:40 *** heartles6 is now known as heartles8 2020-05-17T14:15:41 *** heartles8 is now known as heartle10 2020-05-17T14:28:46 *** pontaoskiblackq4 is now known as vredeenliefdeove 2020-05-17T15:02:56 knurpht, reverted my changes for Registered Users and Trusted Users 1 & 2, should be back to normal for my changes... 2020-05-17T15:03:19 knurpht, which groups did you change blog permissions? 2020-05-17T15:06:00 knurpht, I'm guessing Trusted Users - Blog, if so all look good. 2020-05-17T15:07:22 Yeah that's what I did. And Technical staff 2020-05-17T15:10:15 When I removed the write perms for the Recent Articles all subcagories did not inherit the perms from Recent Articles. This time setting them back to write permission for Recent Articles were immediately added to the sub categories 2020-05-17T15:10:55 knurpht, looks all good from here ;) 2020-05-17T15:13:26 -heroes-bot- PROBLEM: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS CRITICAL: DB postgres total locks: 68 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks 2020-05-17T15:13:35 malcolmlewis: yeah. Login is fast, forums are much more responsive ( aware that we're the only visitors :D ). I see no issues with going live 2020-05-17T15:14:22 I tested logging in and out a bunch of times 2020-05-17T15:14:57 I asked adrian to add a header for email verification, so that part can also work 2020-05-17T15:15:30 lcp: there still something wrong with the SSL of the admincp 2020-05-17T15:16:06 knurpht, lcp just need to open a ticket for forum-admin@o.o to be created and point to our email addresses.... 2020-05-17T15:16:07 yeah, I should look into that, shouldn't I 2020-05-17T15:33:26 -heroes-bot- RECOVERY: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS OK: DB postgres total=42 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks 2020-05-17T15:34:00 -heroes-bot- PROBLEM: NRPE on olaf.infra.opensuse.org - CHECK_NRPE: Error - Could not connect to 192.168.47.17: Connection reset by peer ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=olaf.infra.opensuse.org&service=NRPE 2020-05-17T15:44:00 -heroes-bot- RECOVERY: NRPE on olaf.infra.opensuse.org - NRPE v3.2.1 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=olaf.infra.opensuse.org&service=NRPE 2020-05-17T15:51:44 malcolmlewis, knurpht: I just hardcoded `https://`value in `/includes/class_core.php` because since we are using a proxy, the way it was trying to find out the correct protocol wouldn't work 2020-05-17T15:52:18 I also saved the previous file under `/includes/class_core.php.20200517` if you want to toy with making it behave more correctly than that 2020-05-17T15:52:46 but it would be hard without doing some weird things, so I just gave in and hardcoded correct value for the external access 2020-05-17T15:55:18 lcp: it's probably a better idea to set the HTTPS header in the apache config (value: "on") 2020-05-17T15:55:48 hmm 2020-05-17T15:55:58 let me try that 2020-05-17T15:57:32 cboltz: that doesn't work 2020-05-17T15:58:37 neither Header nor RequestHeader work 2020-05-17T16:00:28 In theory RequestHeader should work, no idea about practise ;-) 2020-05-17T16:00:49 yeah, it doesn't work sadly :c 2020-05-17T16:01:17 cboltz: you can even see it on forums.opensuse.org/snoop.php 2020-05-17T16:03:34 got a phone call, I'll check later 2020-05-17T16:19:18 *** ByteCommander[m4 is now known as ByteCommander280 2020-05-17T17:16:15 *** uniminin[m]12 is now known as uniminin[m]14 2020-05-17T17:16:16 *** uniminin[m]14 is now known as uniminin[m]16 2020-05-17T17:53:14 tested locally - in theory RequestHeader add HTTPS on works 2020-05-17T17:53:37 sadly it ends up as HTTP_HTTPS in PHP - looks like it gets prefixed with HTTP_ 2020-05-17T17:54:07 maybe there's another way: 2020-05-17T17:54:38 $_SERVER is a special variable, but it's not read-only 2020-05-17T17:54:59 try adding $_SERVER['HTTPS'] = 'on'; to the forum's config file ;-) 2020-05-17T18:31:50 *** davidv7[m]1 is now known as davidv72315[m] 2020-05-17T18:32:34 cboltz: also nope 2020-05-17T18:33:01 then the config file gets loaded too late :-( 2020-05-17T22:49:05 lcp, any thoughts on new wording for https://forums.opensuse.org/faq.php?faq=novfor#faq_changepass and https://forums.opensuse.org/faq.php?faq=novfor#faq_changeidemail 2020-05-17T22:49:32 or just point to https://idp-portal-info.suse.com/ 2020-05-17T23:00:56 malcolmlewis: oh wow, that's convoluted 2020-05-17T23:09:32 malcolmlewis: this should work https://forums.opensuse.org/faq.php?faq=novfor#faq_changeidemail 2020-05-17T23:22:16 lcp, looks good, thanks :) 2020-05-17T23:24:32 lcp, also created a ticket for the 'Contact Us' link 2020-05-17T23:25:19 great